Your privacy and security are our top priorities. This policy outlines how Luntrex handles data collection, processing, and storage across our platform.
Last updated: 2025-11-30. For privacy questions or rights requests, contact no-reply@luntrex.com.
Luntrex collects only the data necessary to operate your account and improve platform performance. This includes account information, usage logs, model routing metrics, and billing records. We do not use model input or output for training or advertising. Debugging data is kept only when explicitly enabled and is time-limited.
Passwords are hashed (bcrypt), and API keys are stored hashed so they cannot be retrieved in plain text. Data in transit uses TLS. Secrets at rest are protected by our cloud provider KMS. Unauthorized requests are blocked and logged through continuous monitoring.
Your data belongs to you. We do not sell or rent your personal or usage information. Model prompts and responses remain confidential and are not used for training or benchmarking unless you explicitly authorize it.
For convenience, Luntrex may store minimal session data such as authentication cookies or UI preferences. These items can be cleared anytime without affecting your permanent account or backend logs. Sensitive data (e.g., API keys) is never exposed or cached in client-side storage.
Luntrex complies with global privacy standards, including GDPR and regional data protection laws. Data is retained only as long as necessary for account operation, billing, and compliance audits (for example, billing records may be retained per statutory requirements). You can request data deletion or export at any time through our support team.
Where applicable, you have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. Submit requests via our support channel; we will respond within applicable legal timeframes.
Data is hosted with reputable cloud providers. We use vetted subprocessors for storage, email, and analytics; each is bound by confidentiality and security commitments. We can provide a current subprocessor list upon request.
In the event of a data incident involving your personal data, we will notify affected users without undue delay in accordance with applicable law.
Luntrex is not directed to children under the age of 16. If we learn a child has provided personal data, we will delete it promptly.